» » » » » Remote Code Execution Vulnerability in Adobe Flash Player

0 , , ,
A+ A-
Remote Code Execution Vulnerability in Adobe Flash Player

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful exploitation would allow an attacker to take complete control of the affected system.
CVE number: CVE-2014-0498, CVE-2014-0499, CVE-2014-0502

Vulnerable Versions

Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh
Flash Player 11.2.202.336 and earlier for Linux
Flash Player 12.0.0.44 and earlier for Chrome (Windows, Macintosh and Linux)
Flash Player 12.0.0.44 and earlier in Internet Explorer 10 for Windows 8.0
Flash Player 12.0.0.44 and earlier in Internet Explorer 11 for Windows 8.1
AIR 4.0.0.1390 and earlier for Android
AIR 4.0.0.1390 SDK & Compiler
AIR 4.0.0.1390 SDK

Solution

Adobe recommends users update their software installations by following the instructions below:
  • Adobe recommends users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh update to the newest version 12.0.0.70 by downloading it from the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
  • Adobe recommends users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux update to Adobe Flash Player 11.2.202.341 by downloading it from the Adobe Flash Player Download Center.
  • For users of Flash Player 11.7.700.261 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 12.0.0.44, Adobe has made available the update Flash Player 11.7.700.269, which can be downloaded here.
  • Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.
  • Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.
  • Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.
  • Users of the Adobe AIR 4.0.0.1390 SDK should update to the Adobe AIR 4.0.0.1628 SDK.
  • Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1680 SDK & Compiler.
  • Users of the Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628 by browsing to Google play on an Android device.

Share to:

Post a Comment Blogger

Subscribe to: Post Comments (Atom)
 
Top